Great! Mike West <mkwst@google.com> writes: > Because I don't understand why ServiceWorkers have introduced > path-based granularity. As I noted in that thread (and as Brian > agreed), the origin makes sense as a security boundary. Pretending > that such a boundary exists for paths seems problematic. I suppose the one case where the path-based approach helps is the university scenario, where e.g. stanford.edu/~evil sets an overly-restricting CSP that ends up breaking *.stanford.edu. The right thing here is for the admin to disallow setting such headers, but I can see that becoming a problem. (But, I guess ~evil can already mess with cookies, etc.) In any case, I agree with sticking to the origin as the security boundary, I was more curious to see if you got any info from Alex or others on the path stuff off-list. DeianReceived on Monday, 16 February 2015 20:02:48 UTC
This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:10 UTC